Security fixes are applied to the latest released version.
Please do not open public issues for suspected vulnerabilities.
Use GitHub Security Advisories to report privately:
- Go to
https://github.com/tq-lang/tq/security/advisories/new - Submit details, impact, and a minimal reproduction
- Include the affected version and environment
If you cannot use GitHub Security Advisories, open a normal issue and clearly state that you need a private contact channel for a security report.
- Initial acknowledgment target: within 5 business days
- We will validate, assess severity, and coordinate a fix and disclosure plan
- We will credit reporters in release notes unless anonymity is requested